KVM: nVMX: Verify VMCS shadowing controls
authorLiran Alon <liran.alon@oracle.com>
Fri, 22 Jun 2018 23:35:06 +0000 (02:35 +0300)
committerPaolo Bonzini <pbonzini@redhat.com>
Mon, 6 Aug 2018 15:58:40 +0000 (17:58 +0200)
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/vmx.c

index 64b11c57b5f437b284181a2fb7bb9b7168ed9299..e762222476a9ccb628a814687e6b10d85d972979 100644 (file)
@@ -11038,6 +11038,19 @@ static int nested_vmx_check_pml_controls(struct kvm_vcpu *vcpu,
        return 0;
 }
 
+static int nested_vmx_check_shadow_vmcs_controls(struct kvm_vcpu *vcpu,
+                                                struct vmcs12 *vmcs12)
+{
+       if (!nested_cpu_has_shadow_vmcs(vmcs12))
+               return 0;
+
+       if (!page_address_valid(vcpu, vmcs12->vmread_bitmap) ||
+           !page_address_valid(vcpu, vmcs12->vmwrite_bitmap))
+               return -EINVAL;
+
+       return 0;
+}
+
 static int nested_vmx_msr_check_common(struct kvm_vcpu *vcpu,
                                       struct vmx_msr_entry *e)
 {
@@ -11639,6 +11652,9 @@ static int check_vmentry_prereqs(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
        if (nested_vmx_check_pml_controls(vcpu, vmcs12))
                return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
 
+       if (nested_vmx_check_shadow_vmcs_controls(vcpu, vmcs12))
+               return VMXERR_ENTRY_INVALID_CONTROL_FIELD;
+
        if (!vmx_control_verify(vmcs12->cpu_based_vm_exec_control,
                                vmx->nested.msrs.procbased_ctls_low,
                                vmx->nested.msrs.procbased_ctls_high) ||